From 8a280c0206138619e11a5fd258321d5aec79d3fa Mon Sep 17 00:00:00 2001 From: Alex Godoroja Date: Fri, 26 Jun 2026 12:34:45 -0700 Subject: [PATCH] Add SMS consent and A2P messaging disclosures to privacy and terms Privacy Policy: - New "Phone Numbers & SMS Messaging" section covering mobile phone number collection, SMS opt-in/consent records, and message metadata - Carrier-required clause: opt-in and consent data are never shared with third parties or affiliates for marketing purposes - Integrated touch-ups: SMS consent in the GDPR legal basis, a retention line for phone/consent records, and a generic SMS delivery sub-processor - Renumbered subsequent sections; updated Last updated date Terms of Service: - New "SMS / Text Messaging Program" section with the required CTIA disclosures: program is transactional only, message frequency varies, message and data rates may apply, reply STOP to opt out, reply HELP for help, and carriers are not liable for delayed or undelivered messages - Renumbered Changes/Contact; updated Last updated date --- src/pages/privacy.astro | 38 +++++++++++++++++++++++++------------- src/pages/terms.astro | 19 ++++++++++++++++--- 2 files changed, 41 insertions(+), 16 deletions(-) diff --git a/src/pages/privacy.astro b/src/pages/privacy.astro index a70ce36..41d23ed 100644 --- a/src/pages/privacy.astro +++ b/src/pages/privacy.astro @@ -22,7 +22,7 @@ const canonicalUrl = "https://pilotprotocol.network/privacy";

Privacy Policy

- Effective: May 28, 2026 · Last updated: June 17, 2026 + Effective: May 28, 2026 · Last updated: June 26, 2026

Pilot Protocol is operated by Vulture Labs. This Privacy Policy explains what data we collect, why we collect it, and what rights you have. It covers the Pilot Protocol daemon, the pilotprotocol.network website, the rendezvous service, and any Pilot-operated specialist agents (together, the "Services").

@@ -63,31 +63,43 @@ const canonicalUrl = "https://pilotprotocol.network/privacy";
  • Cloudflare Web Analytics — Cookieless, privacy-first analytics provided by Cloudflare. No personal data, no cookies, no fingerprinting. Aggregated page-view counts only.
    • -

    4. Legal Basis for Processing (GDPR)

    +

    4. Phone Numbers & SMS Messaging

    +

    If you provide a mobile phone number — for example, to verify your identity, secure your account, or receive service notifications — we collect and process the following:

    + +

    Providing a phone number is optional. SMS messages from Pilot Protocol are transactional only — we do not send marketing or promotional text messages. Message frequency varies, and message and data rates may apply. You may opt out at any time by replying STOP to any message; reply HELP for assistance. See our Terms of Service for the full SMS program disclosures.

    +

    We do not sell your phone number, and we do not share mobile information or SMS opt-in and consent data with third parties or affiliates for their own marketing or promotional purposes. Phone numbers are disclosed only to our SMS delivery provider, and solely to transmit the messages you requested.

    + +

    5. Legal Basis for Processing (GDPR)

    We process data under Article 6 of the UK and EU GDPR:

    -

    5. Data Retention

    +

    6. Data Retention

    -

    6. Sub-Processors

    +

    7. Sub-Processors

    We use the following third-party service providers to operate the Services:

    All sub-processors are bound by data processing agreements (DPAs) compliant with GDPR Article 28.

    -

    7. International Data Transfers

    +

    8. International Data Transfers

    Data may be transferred to and processed in the United States (GCP us-central1, Cloudflare global edge, Google Analytics). For transfers from the EEA, UK, or Switzerland, we rely on:

    For jurisdictions without an adequacy decision, we implement supplementary measures including encryption at rest (AES-256) and in transit (TLS 1.3).

    -

    8. Your Rights

    +

    9. Your Rights

    Depending on your jurisdiction, you may have the following rights:

    GDPR (EEA, UK, Switzerland)

    @@ -120,22 +132,22 @@ const canonicalUrl = "https://pilotprotocol.network/privacy";

    To exercise any of these rights, email founders@pilotprotocol.network. We will respond within 30 days (GDPR) or 45 days (CCPA). Verification of identity may be required for certain requests.

    -

    9. Data Protection Officer & EU Representative

    +

    10. Data Protection Officer & EU Representative

    Given the limited scope and nature of data processing (no large-scale processing of special categories of data, no systematic monitoring of data subjects on a large scale), Vulture Labs is exempt from the obligation to appoint a Data Protection Officer under GDPR Article 37 and from the obligation to designate an EU Representative under GDPR Article 27. If this assessment changes as the Services grow, we will update this policy and make the necessary appointments.

    -

    10. Children's Privacy

    +

    11. Children's Privacy

    The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

    -

    11. Automated Decision-Making

    +

    12. Automated Decision-Making

    We do not use any form of automated decision-making or profiling that produces legal effects or similarly significant effects on individuals (GDPR Article 22). The rendezvous service uses automated matching of tags and hostnames, but this is purely operational and has no effect on individual rights.

    -

    12. Security

    +

    13. Security

    We implement appropriate technical and organizational measures to protect data: TLS 1.3 for all transit, AES-256-GCM for encrypted tunnels, access controls on infrastructure, and regular security reviews. In the event of a data breach, we will notify affected users and relevant authorities as required by applicable law.

    -

    13. Changes to This Policy

    +

    14. Changes to This Policy

    We will post changes to this page and update the "Last updated" date. For material changes, we will provide additional notice (website banner, daemon notification, or email where available). Continued use after changes constitutes acceptance.

    -

    14. Contact

    +

    15. Contact

    For privacy-related inquiries or to exercise your rights:

    Email: founders@pilotprotocol.network

    We aim to acknowledge all privacy requests within 5 business days.

    diff --git a/src/pages/terms.astro b/src/pages/terms.astro index e7ba613..2aaf44a 100644 --- a/src/pages/terms.astro +++ b/src/pages/terms.astro @@ -22,7 +22,7 @@ const canonicalUrl = "https://pilotprotocol.network/terms";

    Terms of Service

    - Effective: May 28, 2026 · Last updated: May 28, 2026 + Effective: May 28, 2026 · Last updated: June 26, 2026

    These Terms of Service ("Terms") are a binding agreement between Vulture Labs ("Pilot Protocol," "we," "us," "our") and you ("you," "User") governing your use of pilotprotocol.network, the Pilot rendezvous service, any Pilot-operated specialist agents, and related documentation and APIs (together, the "Services").

    @@ -101,10 +101,23 @@ const canonicalUrl = "https://pilotprotocol.network/terms";

    Before initiating formal proceedings, you agree to contact us at founders@pilotprotocol.network and attempt to resolve the dispute informally for a period of at least thirty (30) days.

    -

    11. Changes to These Terms

    +

    11. SMS / Text Messaging Program

    +

    Pilot Protocol offers an optional SMS text-messaging program. If you provide a mobile phone number and opt in, you agree to the following in addition to the rest of these Terms.

    + +

    How we collect and handle the phone number and consent data you provide is described in our Privacy Policy. We do not sell your phone number or share SMS opt-in or consent data with third parties for their own marketing purposes.

    + +

    12. Changes to These Terms

    We will post changes to this page and update the "Last updated" date. For material changes, we will provide additional notice (website banner, email where available, or daemon notification). Continued use after the effective date of changes constitutes acceptance of the revised Terms.

    -

    12. Contact

    +

    13. Contact

    Questions about these Terms?

    Email: founders@pilotprotocol.network